Skip to content

Commit

Permalink
Merge pull request #3817 from xcffl/master
Browse files Browse the repository at this point in the history
Add explanation mounting named volumes for `podman run`
  • Loading branch information
openshift-merge-robot authored Sep 10, 2019
2 parents 095647c + 3d240bd commit c1761ba
Show file tree
Hide file tree
Showing 17 changed files with 112 additions and 96 deletions.
2 changes: 1 addition & 1 deletion API.md
Original file line number Diff line number Diff line change
Expand Up @@ -1732,7 +1732,7 @@ uptime [string](https://godoc.org/builtin#string)
eventlogger [string](https://godoc.org/builtin#string)
### <a name="InfoPodmanBinary"></a>type InfoPodmanBinary

InfoPodman provides details on the podman binary
InfoPodman provides details on the Podman binary

compiler [string](https://godoc.org/builtin#string)

Expand Down
4 changes: 2 additions & 2 deletions cmd/podman/README.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# podman - Simple debugging tool for pods and images
podman is a daemonless container runtime for managing containers, pods, and container images.
# Podman - Simple debugging tool for pods and images
Podman is a daemonless container runtime for managing containers, pods, and container images.
It is intended as a counterpart to CRI-O, to provide low-level debugging not available through the CRI interface used by Kubernetes.
It can also act as a container runtime independent of CRI-O, creating and managing its own set of containers.

Expand Down
2 changes: 1 addition & 1 deletion cmd/podman/varlink/io.podman.varlink
Original file line number Diff line number Diff line change
Expand Up @@ -249,7 +249,7 @@ type InfoStore (
run_root: string
)

# InfoPodman provides details on the podman binary
# InfoPodman provides details on the Podman binary
type InfoPodmanBinary (
compiler: string,
go_version: string,
Expand Down
4 changes: 2 additions & 2 deletions contrib/cirrus/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,7 @@ and `darwin` targets.
### ``special_testing_cgroupv2`` Task

Use the latest Fedora release with the required kernel options pre-set for
exercising cgroups v2 with podman integration tests. Also depends on
exercising cgroups v2 with Podman integration tests. Also depends on
having `SPECIALMODE` set to 'cgroupv2`


Expand Down Expand Up @@ -272,7 +272,7 @@ values follows:
* `rootless`: Causes a random, ordinary user account to be created
and utilized for testing.
* `in_podman`: Causes testing to occur within a container executed by
podman on the host.
Podman on the host.
* `cgroupv2`: The kernel on this VM was prepared with options to enable v2 cgroups
* `windows`: See **darwin**
* `darwin`: Signals the ``special_testing_cross`` task to cross-compile the remote client.
2 changes: 1 addition & 1 deletion contrib/podmanimage/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
## Overview

This directory contains the Dockerfiles necessary to create the three podmanimage container
images that are housed on quay.io under the podman account. All three repositories where
images that are housed on quay.io under the Podman account. All three repositories where
the images live are public and can be pulled without credentials. These container images are secured and the
resulting containers can run safely with privileges within the container. The container images are built
using the latest Fedora and then Podman is installed into them:
Expand Down
2 changes: 1 addition & 1 deletion dependencies/analyses/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ The analysis script will then read and parse the build data and print a sorted t
Running such an analysis on libpod may look as follows:

```
# 1) Build the podman binary with `-work -a`.
# 1) Build the Podman binary with `-work -a`.
[libpod]$ BUILDFLAGS="-work -a" make podman
[...]
WORK=/tmp/go-build794287815
Expand Down
14 changes: 7 additions & 7 deletions docs/podman-build.1.md
Original file line number Diff line number Diff line change
Expand Up @@ -521,8 +521,8 @@ process.

**--volume**, **-v**[=*[HOST-DIR:CONTAINER-DIR[:OPTIONS]]*]

Create a bind mount. If you specify, ` -v /HOST-DIR:/CONTAINER-DIR`, podman
bind mounts `/HOST-DIR` in the host to `/CONTAINER-DIR` in the podman
Create a bind mount. If you specify, ` -v /HOST-DIR:/CONTAINER-DIR`, Podman
bind mounts `/HOST-DIR` in the host to `/CONTAINER-DIR` in the Podman
container. The `OPTIONS` are a comma delimited list and can be:

* [rw|ro]
Expand All @@ -547,14 +547,14 @@ See examples.
Labeling systems like SELinux require that proper labels are placed on volume
content mounted into a container. Without a label, the security system might
prevent the processes running inside the container from using the content. By
default, podman does not change the labels set by the OS.
default, Podman does not change the labels set by the OS.

To change a label in the container context, you can add either of two suffixes
`:z` or `:Z` to the volume mount. These suffixes tell podman to relabel file
objects on the shared volumes. The `z` option tells podman that two containers
share the volume content. As a result, podman labels the content with a shared
`:z` or `:Z` to the volume mount. These suffixes tell Podman to relabel file
objects on the shared volumes. The `z` option tells Podman that two containers
share the volume content. As a result, Podman labels the content with a shared
content label. Shared volume labels allow all containers to read/write content.
The `Z` option tells podman to label the content with a private unshared label.
The `Z` option tells Podman to label the content with a private unshared label.
Only the current container can use a private volume.

`Overlay Volume Mounts`
Expand Down
2 changes: 1 addition & 1 deletion docs/podman-commit.1.md
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ configured with the `--change` flag and a commit message can be set using the
`--message` flag. The container and its processes are paused while the image is
committed. This minimizes the likelihood of data corruption when creating the new
image. If this is not desired, the `--pause` flag can be set to false. When the commit
is complete, podman will print out the ID of the new image.
is complete, Podman will print out the ID of the new image.

If *image* does not begin with a registry name component, `localhost` will be added to the name.

Expand Down
48 changes: 24 additions & 24 deletions docs/podman-create.1.md
Original file line number Diff line number Diff line change
Expand Up @@ -322,7 +322,7 @@ Print usage statement
**--http-proxy**=*true|false*

By default proxy environment variables are passed into the container if set
for the podman process. This can be disabled by setting the `--http-proxy`
for the Podman process. This can be disabled by setting the `--http-proxy`
option to `false`. The environment variables passed in include `http_proxy`,
`https_proxy`, `ftp_proxy`, `no_proxy`, and also the upper case versions of
those. This option is only needed when the host system must use a proxy but
Expand All @@ -341,7 +341,7 @@ Defaults to `true`

**--image-volume**, **builtin-volume**=*bind|tmpfs|ignore*

Tells podman how to handle the builtin image volumes. The options are: 'bind', 'tmpfs', or 'ignore' (default 'bind').
Tells Podman how to handle the builtin image volumes. The options are: 'bind', 'tmpfs', or 'ignore' (default 'bind').
bind: A directory is created inside the container state directory and bind mounted into
the container for the volumes.
tmpfs: The volume is mounted onto the container as a tmpfs, which allows the users to create
Expand Down Expand Up @@ -505,7 +505,7 @@ Set the Network mode for the container. Invalid if using **--dns**, **--dns-opti
'bridge': create a network stack on the default bridge
'none': no networking
'container:<name|id>': reuse another container's network stack
'host': use the podman host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
'host': use the Podman host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
'<network-name>|<network-id>': connect to a user-defined network
'ns:<path>': path to a network namespace to join
'slirp4netns': use slirp4netns to create a user network stack. This is the default for rootless containers
Expand Down Expand Up @@ -543,19 +543,19 @@ Tune the container's pids limit. Set `-1` to have unlimited pids for the contain

**--pod**=*name*

Run container in an existing pod. If you want podman to make the pod for you, preference the pod name with `new:`.
Run container in an existing pod. If you want Podman to make the pod for you, preference the pod name with `new:`.
To make a pod with more granular options, use the `podman pod create` command before creating a container.

**--privileged**=*true|false*

Give extended privileges to this container. The default is *false*.

By default, podman containers are
By default, Podman containers are
“unprivileged” (=false) and cannot, for example, modify parts of the kernel.
This is because by default a container is not allowed to access any devices.
A “privileged” container is given access to all devices.

When the operator executes a privileged container, podman enables access
When the operator executes a privileged container, Podman enables access
to all devices on the host, turns off graphdriver mount options, as well as
turning off most of the security measures protecting the host from the
container.
Expand All @@ -577,9 +577,9 @@ Use `podman port` to see the actual mapping: `podman port CONTAINER $CONTAINERPO
Publish all exposed ports to random ports on the host interfaces. The default is *false*.

When set to true publish all exposed ports to the host interfaces. The
default is false. If the operator uses -P (or -p) then podman will make the
default is false. If the operator uses -P (or -p) then Podman will make the
exposed port accessible on the host and the ports will be available to any
client that can reach the host. When using -P, podman will bind any exposed
client that can reach the host. When using -P, Podman will bind any exposed
port to a random port on the host within an *ephemeral port range* defined by
`/proc/sys/net/ipv4/ip_local_port_range`. To find the mapping between the host
ports and the exposed ports, use `podman port`.
Expand Down Expand Up @@ -733,11 +733,11 @@ any options, the systems uses the following options:

Allocate a pseudo-TTY. The default is *false*.

When set to true podman will allocate a pseudo-tty and attach to the standard
When set to true Podman will allocate a pseudo-tty and attach to the standard
input of the container. This can be used, for example, to run a throwaway
interactive shell. The default is false.

Note: The **-t** option is incompatible with a redirection of the podman client
Note: The **-t** option is incompatible with a redirection of the Podman client
standard input.

**--uidmap**=*container_uid:host_uid:amount*
Expand Down Expand Up @@ -793,8 +793,8 @@ container. The `OPTIONS` are a comma delimited list and can be:
* [`[r]shared`|`[r]slave`|`[r]private`]

The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The `HOST-DIR`
must be an absolute path as well. podman bind-mounts the `HOST-DIR` to the
path you specify. For example, if you supply the `/foo` value, podman creates a bind-mount.
must be an absolute path as well. Podman bind-mounts the `HOST-DIR` to the
path you specify. For example, if you supply the `/foo` value, Podman creates a bind-mount.

You can specify multiple **-v** options to mount one or more mounts to a
container.
Expand All @@ -806,14 +806,14 @@ See examples.
Labeling systems like SELinux require that proper labels are placed on volume
content mounted into a container. Without a label, the security system might
prevent the processes running inside the container from using the content. By
default, podman does not change the labels set by the OS.
default, Podman does not change the labels set by the OS.

To change a label in the container context, you can add either of two suffixes
`:z` or `:Z` to the volume mount. These suffixes tell podman to relabel file
objects on the shared volumes. The `z` option tells podman that two containers
share the volume content. As a result, podman labels the content with a shared
`:z` or `:Z` to the volume mount. These suffixes tell Podman to relabel file
objects on the shared volumes. The `z` option tells Podman that two containers
share the volume content. As a result, Podman labels the content with a shared
content label. Shared volume labels allow all containers to read/write content.
The `Z` option tells podman to label the content with a private unshared label.
The `Z` option tells Podman to label the content with a private unshared label.
Only the current container can use a private volume.

By default bind mounted volumes are `private`. That means any mounts done
Expand Down Expand Up @@ -861,19 +861,19 @@ To share a volume, use the --volumes-from option when running
the target container. You can share volumes even if the source container
is not running.

By default, podman mounts the volumes in the same mode (read-write or
By default, Podman mounts the volumes in the same mode (read-write or
read-only) as it is mounted in the source container. Optionally, you
can change this by suffixing the container-id with either the `ro` or
`rw` keyword.

Labeling systems like SELinux require that proper labels are placed on volume
content mounted into a container. Without a label, the security system might
prevent the processes running inside the container from using the content. By
default, podman does not change the labels set by the OS.
default, Podman does not change the labels set by the OS.

To change a label in the container context, you can add `z` to the volume mount.
This suffix tells podman to relabel file objects on the shared volumes. The `z`
option tells podman that two containers share the volume content. As a result,
This suffix tells Podman to relabel file objects on the shared volumes. The `z`
option tells Podman that two containers share the volume content. As a result,
podman labels the content with a shared content label. Shared volume labels allow
all containers to read/write content.

Expand Down Expand Up @@ -927,7 +927,7 @@ Note: RHEL7 and Centos 7 will not have this feature until RHEL7.7 is released.

In order for users to run rootless, there must be an entry for their username in /etc/subuid and /etc/subgid which lists the UIDs for their user namespace.

Rootless podman works better if the fuse-overlayfs and slirp4netns packages are installed.
Rootless Podman works better if the fuse-overlayfs and slirp4netns packages are installed.
The fuse-overlay package provides a userspace overlay storage driver, otherwise users need to use
the vfs storage driver, which is diskspace expensive and does not perform well. slirp4netns is
required for VPN, without it containers need to be run with the --net=host flag.
Expand All @@ -937,7 +937,7 @@ required for VPN, without it containers need to be run with the --net=host flag.
Environment variables within containers can be set using multiple different options: This section describes the precedence.

Precedence Order:
**--env-host** : Host environment of the process executing podman is added.
**--env-host** : Host environment of the process executing Podman is added.

Container image : Any environment variables specified in the container image.

Expand Down Expand Up @@ -967,7 +967,7 @@ b
subgid(5), subuid(5), libpod.conf(5), systemd.unit(5), setsebool(8), slirp4netns(1), fuse-overlayfs(1)

## HISTORY
October 2017, converted from Docker documentation to podman by Dan Walsh for podman <dwalsh@redhat.com>
October 2017, converted from Docker documentation to Podman by Dan Walsh for Podman <dwalsh@redhat.com>

November 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>

Expand Down
10 changes: 5 additions & 5 deletions docs/podman-events.1.md
Original file line number Diff line number Diff line change
Expand Up @@ -98,7 +98,7 @@ The *since* and *until* values can be RFC3339Nano time stamps or a Go duration s

## EXAMPLES

Showing podman events
Showing Podman events
```
$ podman events
2019-03-02 10:33:42.312377447 -0600 CST container create 34503c192940 (image=docker.io/library/alpine:latest, name=friendly_allen)
Expand All @@ -108,7 +108,7 @@ $ podman events
2019-03-02 10:33:51.047104966 -0600 CST container cleanup 34503c192940 (image=docker.io/library/alpine:latest, name=friendly_allen)
```

Show only podman create events
Show only Podman create events
```
$ podman events --filter event=create
2019-03-02 10:36:01.375685062 -0600 CST container create 20dc581f6fbf (image=docker.io/library/alpine:latest, name=sharp_morse)
Expand All @@ -117,15 +117,15 @@ $ podman events --filter event=create
2019-03-02 10:36:29.978806894 -0600 CST container create d81e30f1310f (image=docker.io/library/busybox:latest, name=musing_newton)
```

Show only podman pod create events
Show only Podman pod create events
```
$ podman events --filter event=create --filter type=pod
2019-03-02 10:44:29.601746633 -0600 CST pod create 1df5ebca7b44 (image=, name=confident_hawking)
2019-03-02 10:44:42.374637304 -0600 CST pod create ca731231718e (image=, name=webapp)
2019-03-02 10:44:47.486759133 -0600 CST pod create 71e807fc3a8e (image=, name=reverent_swanson)
```

Show only podman events created in the last five minutes:
Show only Podman events created in the last five minutes:
```
$ sudo podman events --since 5m
2019-03-02 10:44:29.598835409 -0600 CST container create b629d10d3831 (image=k8s.gcr.io/pause:3.1, name=1df5ebca7b44-infra)
Expand All @@ -134,7 +134,7 @@ $ sudo podman events --since 5m
2019-03-02 10:44:42.374637304 -0600 CST pod create ca731231718e (image=, name=webapp)
```

Show podman events in JSON Lines format
Show Podman events in JSON Lines format
```
events --format json
{"ID":"683b0909d556a9c02fa8cd2b61c3531a965db42158627622d1a67b391964d519","Image":"localhost/myshdemo:latest","Name":"agitated_diffie","Status":"cleanup","Time":"2019-04-27T22:47:00.849932843-04:00","Type":"container"}
Expand Down
2 changes: 1 addition & 1 deletion docs/podman-exec.1.md
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ when creating the container.
The exit code from `podman exec` gives information about why the command within the container failed to run or why it exited. When `podman exec` exits with a
non-zero code, the exit codes follow the `chroot` standard, see below:

**_125_** if the error is with podman **_itself_**
**_125_** if the error is with Podman **_itself_**

$ podman exec --foo ctrID /bin/sh; echo $?
Error: unknown flag: --foo
Expand Down
2 changes: 1 addition & 1 deletion docs/podman-generate-kube.1.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ podman-generate-kube - Generate Kubernetes YAML based on a pod or container
**podman generate kube** [*options*] *container* | *pod*

## DESCRIPTION
**podman generate kube** will generate Kubernetes Pod YAML (v1 specification) from a podman container or pod. Whether
**podman generate kube** will generate Kubernetes Pod YAML (v1 specification) from a Podman container or pod. Whether
the input is for a container or pod, Podman will always generate the specification as a Pod. The input may be in the form
of a pod or container name or ID.

Expand Down
2 changes: 1 addition & 1 deletion docs/podman-image-sign.1.md
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ Sign the busybox image with the identify of foo@bar.com with a user's keyring an

The write (and read) location for signatures is defined in YAML-based
configuration files in /etc/containers/registries.d/. When you sign
an image, podman will use those configuration files to determine
an image, Podman will use those configuration files to determine
where to write the signature based on the the name of the originating
registry or a default storage value unless overriden with the --directory
option. For example, consider the following configuration file.
Expand Down
2 changes: 1 addition & 1 deletion docs/podman-image-tree.1.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ podman\-image\-tree - Prints layer hierarchy of an image in a tree format

## DESCRIPTION
Prints layer hierarchy of an image in a tree format.
If you do not provide a *tag*, podman will default to `latest` for the *image*.
If you do not provide a *tag*, Podman will default to `latest` for the *image*.
Layers are indicated with image tags as `Top Layer of`, when the tag is known locally.
## OPTIONS

Expand Down
Loading

0 comments on commit c1761ba

Please sign in to comment.